Various improvements around deployment and the provisioning script (#168)

2025-02-21 17:52:06 +01:00 · 2025-02-21 17:52:06 +01:00 · df5ee32d68
commit df5ee32d68
parent 7df5aa27c7 c6fb52915a
5 changed files with 60 additions and 50 deletions
--- a/deployment/flake-part.nix
+++ b/deployment/flake-part.nix
@ -2,7 +2,7 @@

 let
  allVmIds = builtins.genList (x: 100 + x) 156; # 100 -- 255
-  makeInstaller = import ./makeInstaller.nix;
+  makeInstaller = import ../infra/makeInstaller.nix;

 in
 {
@ -31,9 +31,10 @@ in
      inherit (builtins) mapAttrs;
    in
    mapAttrs (
-      vmname:
+      vmname: nixosConfiguration:
      makeInstaller {
        inherit (inputs) nixpkgs;
+        inherit nixosConfiguration;
        hostKeys = {
          ed25519 = {
            private = ./hostKeys/${vmname}/ssh_host_ed25519_key;
@ -52,9 +53,11 @@ in
      makeProcolixVmResource = vmid: vmconfig: {
        type = providers.local.exec;
        imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
-        ssh.opts = "";
-        ssh.host = "95.215.187.${toString vmid}";
-        ssh.hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub;
+
+        ssh = {
+          host = "95.215.187.${toString vmid}";
+          hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub;
+        };

        nixpkgs = inputs.nixpkgs;
        nixos.module = {
@ -62,7 +65,7 @@ in
            vmconfig
            { procolix.vmid = vmid; }
            ./procolixVm.nix
-            inputs.snf.nixosModules.fediversity
+            self.nixosModules.fediversity
            inputs.disko.nixosModules.default
          ];
        };
@ -70,11 +73,9 @@ in

    in
    {
-      providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
+      providers = { inherit (inputs.nixops4.modules.nixops4Provider) local; };

      resources = {
-        fedi100 = makeProcolixVmResource 100 { };
-
        fedi101 = makeProcolixVmResource 101 {
          fediversity = {
            enable = true;
@ -107,14 +108,6 @@ in
            };
          }
        );
-
-        fedi120 = makeProcolixVmResource 120 {
-          fediversity = {
-            enable = true;
-            domain = "fedi120.abundos.eu";
-            pixelfed.enable = true;
-          };
-        };
      };
    };
 }
--- a/deployment/proxmox/provision.sh
+++ b/deployment/proxmox/provision.sh
@ -28,24 +28,27 @@ debug=false

 help () {
  cat <<EOF
-Usage: $0 [OPTION...] [ID...]
+Usage: $0 [OPTION...] ID [ID...]

-Authentication options:
-  --username STR    Username, with provider (eg. niols@pve)
-  --password STR    Password
+Options:
+  --username STR    Username, with provider (eg. niols@pve; required)
+  --password STR    Password (required)

-  If not provided via the command line, username and password will be looked for
-  in a '.proxmox' file in the current working directory, the username on the
-  first line, and the password on the second.
-
-Other options:
-  --sockets INT     Number of sockets (default: $sockets)
  --cores INT       Number of cores (default: $cores)
  --memory INT      Memory (default: $memory)
-  --debug           Run this script in debug mode
+  --sockets INT     Number of sockets (default: $sockets)

-Others:
+  --debug           Run this script in debug mode (default: $debug)
  -h|-?|--help      Show this help and exit
+
+Options can also be provided by adding assignments to a '.proxmox' file in the
+current working directory. For instance, it could contain:
+
+  cores=7
+  username=mireille@pve
+  debug=true
+
+Command line options take precedence over options found in the '.proxmox' file.
 EOF
 }

@ -57,6 +60,10 @@ die_with_help () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; help; exi
 # shellcheck disable=SC2059
 debug () { if $debug; then printf >&2 '\033[37m'; printf >&2 "$@"; printf >&2 '\033[0m\n'; fi }

+if [ -f .proxmox ]; then
+  . "$PWD"/.proxmox
+fi
+
 while [ $# -gt 0 ]; do
  argument=$1
  shift
@ -78,12 +85,12 @@ while [ $# -gt 0 ]; do
  esac
 done

+if [ -z "$vm_ids" ]; then
+  die_with_help "Required: at least one VM id.\n"
+fi
+
 if [ -z "$username" ] || [ -z "$password" ]; then
-  if [ -f .proxmox ]; then
-    { read -r username; read -r password; } < .proxmox
-  else
  die_with_help "Required: '--username' and '--password'.\n"
-  fi
 fi

 readonly sockets
--- a/deployment/proxmox/remove.sh
+++ b/deployment/proxmox/remove.sh
@ -11,7 +11,7 @@ readonly api_url=https://192.168.51.81:8006/api2/json
 ## now, let us just use `node051` everywhere.
 readonly node=node051

-readonly tmpdir=/tmp/proxmox-provision-$RANDOM
+readonly tmpdir=/tmp/proxmox-remove-$RANDOM
 mkdir $tmpdir

 ################################################################################
@ -23,18 +23,22 @@ vm_ids=

 help () {
  cat <<EOF
-Usage: $0 [OPTION...] [ID...]
+Usage: $0 [OPTION...] ID [ID...]

-Authentication options:
+Options:
  --username STR    Username, with provider (eg. niols@pve)
  --password STR    Password

-  If not provided via the command line, username and password will be looked for
-  in a '.proxmox' file in the current working directory, the username on the
-  first line, and the password on the second.
-
-Others:
  -h|-?|--help      Show this help and exit
+
+Options can also be provided by adding assignments to a '.proxmox' file in the
+current working directory. For instance, it could contain:
+
+  cores=7
+  username=mireille@pve
+  debug=true
+
+Command line options take precedence over options found in the '.proxmox' file.
 EOF
 }

@ -43,6 +47,10 @@ die () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; exit 2; }
 # shellcheck disable=SC2059
 die_with_help () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; help; exit 2; }

+if [ -f .proxmox ]; then
+  . "$PWD"/.proxmox
+fi
+
 while [ $# -gt 0 ]; do
  argument=$1
  shift
@ -58,12 +66,12 @@ while [ $# -gt 0 ]; do
  esac
 done

+if [ -z "$vm_ids" ]; then
+  die_with_help "Required: at least one VM id.\n"
+fi
+
 if [ -z "$username" ] || [ -z "$password" ]; then
-  if [ -f .proxmox ]; then
-    { read -r username; read -r password; } < .proxmox
-  else
  die_with_help "Required: '--username' and '--password'.\n"
-  fi
 fi

 ################################################################################
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -31,6 +31,8 @@ let

 in
 {
+  flake.lib.makeInstaller = import ./makeInstaller.nix;
+
  nixops4Deployments = makeDeployments (addDefaultDeployment {
    git = [
      "vm02116"
--- a/deployment/makeInstaller.nix
+++ b/deployment/makeInstaller.nix
@ -7,8 +7,8 @@
 {
  nixpkgs,
  hostKeys ? { },
+  nixosConfiguration,
 }:
-machine:

 let
  inherit (builtins) concatStringsSep attrValues mapAttrs;
@ -25,8 +25,8 @@ let
        name = "bootstrap";
        runtimeInputs = with pkgs; [ nixos-install-tools ];
        text = ''
-          ${machine.config.system.build.diskoScript}
-          nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel}
+          ${nixosConfiguration.config.system.build.diskoScript}
+          nixos-install --no-root-password --no-channel-copy --system ${nixosConfiguration.config.system.build.toplevel}
          ${concatStringsSep "\n" (
            attrValues (
              mapAttrs (kind: keys: ''